Location: Plymouth - Royale, 6th fl.

Duration: 4:10pm - 5:00pm

Day of week: Tuesday

Level: Intermediate

Persona: Architect, Developer, Security Professional

Abstract

Osquery allows you to easily ask questions about your Linux, Windows, and macOS infrastructure using standard SQL-based statements. But how? Organizations deploying osquery will need to engineer various solutions to accomplish this seemingly simple task. Enter Doorman. This simple Python/Flask-based web interface allows you to manage your entire osquery deployment, from baseline configurations and ad-hoc queries to log collection and alerting. In this talk, we'll give a brief demonstration of osquery and its capabilities and explain why we settled on osquery as an endpoint security solution. We'll describe our threat model along with the design and architecture decisions that went into Doorman. Lastly, we'll discuss how we use Doorman and osquery to provide visibility into our infrastructure.

Speaker: Marcin Wielgoszewski

Security Engineer

Marcin Wielgoszewski is a security engineer at a cryptocurrency exchange, where he is responsible for designing preventative and detective security controls to safeguard customer funds and information. Prior to his engineering role, Marcin was a principal consultant at Matasano Security (now NCC Group), an application security consulting firm. At Matasano, he worked primarily in an offensive role performing application security assessments and cryptographic design and implementation reviews for financial institutions. Marcin was a member of the Cryptopals.com team, and previously a guest lecturer in NYU Tandon's Penetration Testing and Vulnerability Analysis class.